Ireland’s Data Protection Commission (DPC) says Meta’s ad-centric business model is noncompliant with European regulations.
That’s according to a public statement released Wednesday (Jan. 4) outlining the commission’s final decision regarding the tech company’s processing of personal data stemming from two complaints filed May 25, 2018 under the European Union’s (EU) General Data Protection Regulation (GDPR).
It represents a major blow to the company, whose stock price has already taken a 60% haircut, or $450 billion loss, for the year.
It also represents a landmark ruling for the social media industry, whose business model bread and butter is the ability to serve up users behaviorally targeted and customized ads.
Meta, like many tech companies including Amazon, Dell, Microsoft and Uber, has based its European headquarters in Ireland, making that nation the company’s main privacy regulator.
The Irish DPC has slapped Meta with $414 million in total fines for data-use breaches across its Facebook and Instagram platforms, as well as ordered the social media giant to present plans for bringing its data processing operations fully into EU compliance within the next three months.
The final decision by the Irish regulatory body concluded that Meta’s terms of service, which “force” users to accept personalized ads when signing up for the platform’s various social media services, “amounts to a contravention of Article 6 of the GDPR.”
Meta disagrees with the DPC’s decision and is planning to appeal, according to a company blog post.
“We strongly believe our approach respects GDPR and we’re therefore disappointed by these decisions,” the company said.
Meta has played hardball with the region in the past — even going so far as to threaten to pull its Facebook and Instagram services from the EU entirely this summer in the midst of another data dispute, as reported by PYMNTS.
The company ended up staying, and Meta’s Irish subsidiary has earmarked nearly $3.15 billion for privacy fines in the EU, as reported in a Dec. 31, 2021 corporate filing. Today’s penalty brings the company’s legal damages in Ireland alone in just the past 15 months to more than $1.3 billion.
Intent Represents the Post-Cookie Frontier for Digital Advertising
As the user information companies can access to sell ads gets increasingly cut off by data watchdogs, businesses are turning to artificial intelligence (AI) tools to help decipher shopper intent and boost their online sales.
Alexandre Robicquet, CEO and co-founder of recommendation engine Crossing Minds, told PYMNTS in a discussion last spring that, “instead of focusing on acquiring as much intrusive data about where you live, who you are and all, why don’t you focus on the first three clicks of what they’re looking at and what they’re spending time on? You end up with a ton of implicit feedback, completely anonymized, that gives you a sense of what is that person here for.”
“We’re in 2022,” he added. “You should not have to pay with your personal information, you should not have to pay with your time and your attention.”
It took four years for Irish authorities to reach their decision regarding Meta’s noncompliant processing of customer data.
During that time, Apple launched a major reset of its privacy policy that allowed iPhone users to opt out of data tracking. The change reduced Meta’s revenue by 8% in 2021 according to company filings.
Is the Party Over for Third-Party Data?
If the DPC decisions are upheld pending the appeal, it may mean that Meta will be required to allow its European users to opt out of ads tied to data collected around their individual on-platform interactions.
Meta already allows its sizable user base to opt out of personalized ads that leverage data from other websites and apps, but it does not provide that option for data collected across the enterprise’s own suite of popular services including Instagram, Facebook, WhatsApp and others.
For years, this fully owned ecosystem allowed the company to build segmented audiences for hyper-targeted ads, a core historical driver of Meta’s revenue.
As the DPC and EU sharpen their approach toward the use of individual digital histories for behavioral tracking, companies dependent on selling data-backed ad packages will need to evolve and transform their business models — at least in Europe.
Without access to valuable customer data sets, user-driven platform businesses like Meta may have to look for new revenue growth areas or embrace alternative tactics, possibly including subscription models.
How the preeminent social media giant contends with the impact of further data privacy blows, as well as increased competition from video-native competitors like TikTok that are separately reshaping the industry landscape, remains to be seen.